Hardware based randomness for Linux

True randomness can be hard to come by in the digital world. [Andy Green] is making it easier to get true entropy with this random USB dongle. The Whirlygig uses a CPLD to gather data from a set of free-running oscillators. The oscillators have a constantly fluctuating frequency due to temperature changes: if they run faster they generate more heat, which in turn slows them down. This, along with the variable latency of polling a USB device, adds further unpredictability to the output. The device shows up as ‘/dev/hw_random’ and can then be fed into ‘/dev/random’ using rngd from the rng-tools package. [Andy] has done a lot of testing, both on the hardware and on the quality of the randomness. We didn’t see an option to order one, but he’s got hardware and firmware repositories so that you can throw one together yourself.

To detect when the hardware starts failing, you can create a hardware or software watchdog that regularly calculates the entropy of a set of random samples. Given a sufficiently big set, the entropy should be near maximum.

So, when the entropy goes below a certain threshold, it is guaranteed that your HW-RNG is failing.

Is there any device which is “plug in and use forever”? Of course a hardware RNG will eventually fail, just like anything else. It is no different from running occasional filesystem checks on a hard drive; you do spot checks on the system to make sure it is still working within certain tolerances.

That said, I am not sure how this relates to the project at hand. This device certainly doesn’t claim to be perfect, much less eternally perfect.

I think Keith still has a point. HW-RNGs are mostly used for security applications, and in those cases the randomness of the output is critical.
Making the device check the randomness of its output and discard sets of samples that are not random would be an important security improvement IMHO.
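The article’s mention of testing the quality of the output, Keith’s entropy watchdog with a threshold, and the last comment’s idea of checking and discarding bad sets of samples all amount to the same loop: pull a fixed-size sample from the device, score it, and raise an alarm (or drop the batch) when the score is out of tolerance. The script below is an added example of such a watchdog; it is not the Whirlygig firmware, not Andy Green’s test code, and not part of rng-tools. It reads from ‘/dev/hw_random’ (the device node the article names), computes the Shannon entropy in bits per byte that Keith describes, and adds the two continuous health tests from NIST SP 800-90B (repetition count and adaptive proportion), which catch a stuck or locked oscillator on far less data than a full entropy estimate. The sample size, thresholds, claimed min-entropy and the way the cutoffs are derived are this example’s own assumptions, and the three sample buffers are constructed in code so it runs without hardware. Note that rngd from rng-tools already runs FIPS 140-2 tests on each block it takes from the device before feeding the kernel; this script is the independent spot check the commenters are asking for.

```python
"""Entropy watchdog for a hardware RNG exposed as /dev/hw_random.

Added example (not Whirlygig or rng-tools code). Device path, sample
size, thresholds and the claimed min-entropy are assumptions.
"""
import math
import os
import random
from collections import Counter

HWRNG_PATH = "/dev/hw_random"   # device node named in the article
SAMPLE_BYTES = 65536            # assumed sample size per check
ENTROPY_THRESHOLD = 7.9         # bits per byte; 8.0 is the maximum for byte samples
ASSUMED_MIN_ENTROPY = 4.0       # conservative claimed min-entropy per byte (assumption)
ALPHA = 2.0 ** -20              # SP 800-90B false-positive probability per test
APT_WINDOW = 512                # SP 800-90B window size for non-binary sources


def shannon_entropy(sample: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution, in bits per byte."""
    if not sample:
        raise ValueError("empty sample")
    n = len(sample)
    return -sum((c / n) * math.log2(c / n) for c in Counter(sample).values())


def rct_cutoff(h_min: float = ASSUMED_MIN_ENTROPY, alpha: float = ALPHA) -> int:
    """Repetition count cutoff C = 1 + ceil(-log2(alpha) / H), as in SP 800-90B 4.4.1."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def repetition_count_test(sample: bytes, cutoff: int = None) -> tuple:
    """Longest run of one byte value; fails when a run reaches the cutoff."""
    if cutoff is None:
        cutoff = rct_cutoff()
    longest = run = 1
    for prev, cur in zip(sample, sample[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return longest < cutoff, longest


def apt_cutoff(window: int = APT_WINDOW, h_min: float = ASSUMED_MIN_ENTROPY,
               alpha: float = ALPHA) -> int:
    """Smallest C with P[Binomial(window-1, 2^-H) >= C] <= alpha (binomial
    criterion behind the SP 800-90B 4.4.2 table; summed from the top to avoid
    cancellation)."""
    p = 2.0 ** -h_min
    n = window - 1
    probs = [math.comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(n + 1)]
    tail = 0.0
    for c in range(n, -1, -1):
        tail += probs[c]
        if tail > alpha:
            return c + 1
    return 0


def adaptive_proportion_test(sample: bytes, window: int = APT_WINDOW,
                             cutoff: int = None) -> tuple:
    """In each window, count how often its first byte recurs; fail if count >= cutoff."""
    if cutoff is None:
        cutoff = apt_cutoff(window)
    worst = 0
    for start in range(0, len(sample) - window + 1, window):
        chunk = sample[start:start + window]
        worst = max(worst, chunk.count(chunk[0]))
    return worst < cutoff, worst


def check_sample(sample: bytes) -> dict:
    """Run all checks; 'healthy' is True only if every one of them passes."""
    h = shannon_entropy(sample)
    rct_ok, longest = repetition_count_test(sample)
    apt_ok, worst = adaptive_proportion_test(sample)
    return {"entropy_bits_per_byte": h, "entropy_ok": h >= ENTROPY_THRESHOLD,
            "rct_ok": rct_ok, "longest_run": longest,
            "apt_ok": apt_ok, "worst_window_count": worst,
            "healthy": h >= ENTROPY_THRESHOLD and rct_ok and apt_ok}


def read_sample(path: str = HWRNG_PATH, n: int = SAMPLE_BYTES) -> bytes:
    """Read exactly n bytes from the device node, retrying short reads."""
    buf = bytearray()
    fd = os.open(path, os.O_RDONLY)
    try:
        while len(buf) < n:
            chunk = os.read(fd, n - len(buf))
            if not chunk:
                raise IOError("device returned EOF")
            buf += chunk
    finally:
        os.close(fd)
    return bytes(buf)


# Constructed samples standing in for device output (no hardware needed).
_rng = random.Random(20100101)
GOOD_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(SAMPLE_BYTES))  # well-distributed bytes
STUCK_SAMPLE = bytes(SAMPLE_BYTES)                                    # output stuck at 0x00
TOGGLING_SAMPLE = bytes([0xAA, 0x55]) * (SAMPLE_BYTES // 2)           # locked, only bits flipping

if __name__ == "__main__":
    for name, s in (("good", GOOD_SAMPLE), ("stuck", STUCK_SAMPLE), ("toggling", TOGGLING_SAMPLE)):
        print(name, check_sample(s))
    # On a machine with the dongle attached: print(check_sample(read_sample()))
```

The toggling buffer is the interesting case: its Shannon entropy is exactly 1 bit per byte and the repetition count test passes (no byte ever repeats), so only the adaptive proportion test and the entropy threshold catch it. That is why a watchdog should not rely on a single statistic. To run it unattended, call `check_sample(read_sample())` on a timer and stop `rngd` (or log an alert) whenever `healthy` is False.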